The Samba-Bugzilla – Attachment 14660 Details for
Bug 9175
winbindd doesn't recover from NT_STATUS_NETWORK_SESSION_EXPIRED
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for 4.8 and 4.9 cherry-picked from master
bug9175-v48,v49.patch (text/plain), 7.68 KB, created by
Ralph Böhme
on 2018-11-14 09:13:55 UTC
(
hide
)
Description:
Patch for 4.8 and 4.9 cherry-picked from master
Filename:
MIME Type:
Creator:
Ralph Böhme
Created:
2018-11-14 09:13:55 UTC
Size:
7.68 KB
patch
obsolete
>From 8135103bea214c060083756a0bc12a79d4601028 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Tue, 13 Nov 2018 12:08:10 +0100 >Subject: [PATCH 1/2] s4:torture/smb2/session: test > smbXcli_session_set_disconnect_expired() works > >This adds a simple test that verifies that after having set >smbXcli_session_set_disconnect_expired() a session gets disconnected >when it expires. > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit a5d1bb5c5b5a57a2d7710dc5ab962683fe5c8e68) >--- > selftest/knownfail.d/samba3.smb2.session | 2 + > source4/torture/smb2/session.c | 110 +++++++++++++++++++++++ > 2 files changed, 112 insertions(+) > create mode 100644 selftest/knownfail.d/samba3.smb2.session > >diff --git a/selftest/knownfail.d/samba3.smb2.session b/selftest/knownfail.d/samba3.smb2.session >new file mode 100644 >index 00000000000..1ef3605d6b8 >--- /dev/null >+++ b/selftest/knownfail.d/samba3.smb2.session >@@ -0,0 +1,2 @@ >+^samba3.smb2.session krb5.expire_disconnect\(ad_dc\) >+^samba3.smb2.session krb5.expire_disconnect\(ad_member\) >diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c >index 57a5addcfcc..3917e0c09c4 100644 >--- a/source4/torture/smb2/session.c >+++ b/source4/torture/smb2/session.c >@@ -1596,6 +1596,114 @@ static bool test_session_expire2e(struct torture_context *tctx) > true); /* force_encryption */ > } > >+static bool test_session_expire_disconnect(struct torture_context *tctx) >+{ >+ NTSTATUS status; >+ bool ret = false; >+ struct smbcli_options options; >+ const char *host = torture_setting_string(tctx, "host", NULL); >+ const char *share = torture_setting_string(tctx, "share", NULL); >+ struct cli_credentials *credentials = popt_get_cmdline_credentials(); >+ struct smb2_tree *tree = NULL; >+ enum credentials_use_kerberos use_kerberos; >+ char fname[256]; >+ struct smb2_handle _h1; >+ struct smb2_handle *h1 = NULL; >+ struct smb2_create io1; >+ union smb_fileinfo qfinfo; >+ bool connected; >+ >+ use_kerberos = cli_credentials_get_kerberos_state(credentials); >+ if (use_kerberos != CRED_MUST_USE_KERBEROS) { >+ torture_warning(tctx, "smb2.session.expire1 requires -k yes!"); >+ torture_skip(tctx, "smb2.session.expire1 requires -k yes!"); >+ } >+ >+ cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED); >+ >+ lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=4"); >+ lpcfg_smbcli_options(tctx->lp_ctx, &options); >+ options.signing = SMB_SIGNING_REQUIRED; >+ >+ status = smb2_connect(tctx, >+ host, >+ lpcfg_smb_ports(tctx->lp_ctx), >+ share, >+ lpcfg_resolve_context(tctx->lp_ctx), >+ credentials, >+ &tree, >+ tctx->ev, >+ &options, >+ lpcfg_socket_options(tctx->lp_ctx), >+ lpcfg_gensec_settings(tctx, tctx->lp_ctx) >+ ); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_connect failed"); >+ >+ smbXcli_session_set_disconnect_expired(tree->session->smbXcli); >+ >+ /* Add some random component to the file name. */ >+ snprintf(fname, sizeof(fname), "session_expire1_%s.dat", >+ generate_random_str(tctx, 8)); >+ >+ smb2_util_unlink(tree, fname); >+ >+ smb2_oplock_create_share(&io1, fname, >+ smb2_util_share_access(""), >+ smb2_util_oplock_level("b")); >+ io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE; >+ >+ status = smb2_create(tree, tctx, &io1); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_create failed"); >+ _h1 = io1.out.file.handle; >+ h1 = &_h1; >+ CHECK_CREATED(tctx, &io1, CREATED, FILE_ATTRIBUTE_ARCHIVE); >+ torture_assert_int_equal(tctx, io1.out.oplock_level, >+ smb2_util_oplock_level("b"), >+ "oplock_level incorrect"); >+ >+ /* get the security descriptor */ >+ >+ ZERO_STRUCT(qfinfo); >+ >+ qfinfo.access_information.level = RAW_FILEINFO_ACCESS_INFORMATION; >+ qfinfo.access_information.in.file.handle = _h1; >+ >+ torture_comment(tctx, "query info => OK\n"); >+ >+ ZERO_STRUCT(qfinfo.access_information.out); >+ status = smb2_getinfo_file(tree, tctx, &qfinfo); >+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done, >+ "smb2_getinfo_file failed"); >+ >+ torture_comment(tctx, "sleep 10 seconds\n"); >+ smb_msleep(10*1000); >+ >+ torture_comment(tctx, "query info => EXPIRED\n"); >+ ZERO_STRUCT(qfinfo.access_information.out); >+ status = smb2_getinfo_file(tree, tctx, &qfinfo); >+ torture_assert_ntstatus_equal_goto(tctx, status, >+ NT_STATUS_NETWORK_SESSION_EXPIRED, >+ ret, done, "smb2_getinfo_file " >+ "returned unexpected status"); >+ >+ connected = smbXcli_conn_is_connected(tree->session->transport->conn); >+ torture_assert_goto(tctx, !connected, ret, done, "connected\n"); >+ >+ ret = true; >+done: >+ cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED); >+ >+ if (h1 != NULL) { >+ smb2_util_close(tree, *h1); >+ } >+ >+ talloc_free(tree); >+ lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=0"); >+ return ret; >+} >+ > bool test_session_bind1(struct torture_context *tctx, struct smb2_tree *tree1) > { > const char *host = torture_setting_string(tctx, "host", NULL); >@@ -1754,6 +1862,8 @@ struct torture_suite *torture_smb2_session_init(TALLOC_CTX *ctx) > torture_suite_add_simple_test(suite, "expire1e", test_session_expire1e); > torture_suite_add_simple_test(suite, "expire2s", test_session_expire2s); > torture_suite_add_simple_test(suite, "expire2e", test_session_expire2e); >+ torture_suite_add_simple_test(suite, "expire_disconnect", >+ test_session_expire_disconnect); > torture_suite_add_1smb2_test(suite, "bind1", test_session_bind1); > > suite->description = talloc_strdup(suite, "SMB2-SESSION tests"); >-- >2.17.2 > > >From f3e5b557f84d1b8eb638d91b97150b44161b7554 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Wed, 7 Nov 2018 14:00:25 +0100 >Subject: [PATCH 2/2] libcli/smb: don't overwrite status code >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >The original commit c5cd22b5bbce724dcd68fe94320382b3f772cabf from bug >9175 never worked, as the preceeding signing check overwrote the status >variable. > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> > >Autobuild-User(master): Ralph Böhme <slow@samba.org> >Autobuild-Date(master): Tue Nov 13 17:28:45 CET 2018 on sn-devel-144 > >(cherry picked from commit 5a8583ed701be97c33a20b2a20f6bbb8ac2f8e99) >--- > libcli/smb/smbXcli_base.c | 12 +++++++----- > selftest/knownfail.d/samba3.smb2.session | 2 -- > 2 files changed, 7 insertions(+), 7 deletions(-) > delete mode 100644 selftest/knownfail.d/samba3.smb2.session > >diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c >index d0cc33b8b05..40480c83aa0 100644 >--- a/libcli/smb/smbXcli_base.c >+++ b/libcli/smb/smbXcli_base.c >@@ -3908,15 +3908,17 @@ static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn, > } > > if (signing_key) { >- status = smb2_signing_check_pdu(*signing_key, >- state->conn->protocol, >- &cur[1], 3); >- if (!NT_STATUS_IS_OK(status)) { >+ NTSTATUS signing_status; >+ >+ signing_status = smb2_signing_check_pdu(*signing_key, >+ state->conn->protocol, >+ &cur[1], 3); >+ if (!NT_STATUS_IS_OK(signing_status)) { > /* > * If the signing check fails, we disconnect > * the connection. > */ >- return status; >+ return signing_status; > } > } > >diff --git a/selftest/knownfail.d/samba3.smb2.session b/selftest/knownfail.d/samba3.smb2.session >deleted file mode 100644 >index 1ef3605d6b8..00000000000 >--- a/selftest/knownfail.d/samba3.smb2.session >+++ /dev/null >@@ -1,2 +0,0 @@ >-^samba3.smb2.session krb5.expire_disconnect\(ad_dc\) >-^samba3.smb2.session krb5.expire_disconnect\(ad_member\) >-- >2.17.2 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=14660">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
jra
:
review+
metze
:
review+
Actions:
View
Attachments on
bug 9175
:
8097
|
8135
| 14660